<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           spamassassin
 Advisory ID:            MDKSA-2004:084
 Date:                   August 18th, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Security fix prevents a denial of service attack open to certain
 malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x
 versions to date.
 _______________________________________________________________________

 References:

  http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5b523cae997b928ef74bcb147bc3dc58  
10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm
 648b4aec9d3839102474a18665eb417a  
10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm
 764a571c8f7d0ba495da185a1c1ad1fd  
10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm
 aeec218cb9e05fc9e0a39b6232b3ffb0  
10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 09df0a5b383eb0d41575a1f529ab5c0a  
amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm
 55400288a24bee8fc161ff6ee09a43bf  
amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm
 3e80a6cf3cc98ca8e50f038462542dfc  
amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm
 aeec218cb9e05fc9e0a39b6232b3ffb0  
amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm

 Corporate Server 2.1/x86_64:
 308c5c891528d7647a859a0e06c476c4  
x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm
 9d8fa372922261e3c9a7d972a4ddb4da  
x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
 324109473351331503ebf0e949a5eacf  
x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
 bb4068503f9f85f1174c312edaa42c50  
x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm

 Mandrakelinux 9.1:
 2cae1384e9d5681afaf33bb987666e38  9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm
 f9de623c91ad5fea6a77278fb3c806e2  
9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm
 c6e83539afe0d816aa7aa60423ec25f5  
9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
 816b118e15d228db4073242470a0544c  9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 c8746cb07bb27db5525745d7596dd1bb  
ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm
 87623c4ec0adff188646c7d07d153c69  
ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
 da8537bffa927c435c4fef88fbbee4eb  
ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
 816b118e15d228db4073242470a0544c  
ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm

 Mandrakelinux 9.2:
 321c26941160d803263f1f49e9fb0b80  9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm
 4e81f648eaf1a4cfefa4997fe13eb2c9  
9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm
 4408fec0d9a9a6a84a2d01345a8a3b37  
9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
 677be35edf38a7363f3714092b12439a  9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 61a2929f0ef503d24252b083692356f1  
amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm
 2823caa21693d9d430624dd5e15e7c84  
amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
 1e9fa6fc40a39e3a7c55a67b6b9daa81  
amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
 677be35edf38a7363f3714092b12439a  
amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBI9gQmqjQ0CJFipgRAtJbAKDHJT659KOaPTO6DaNVcnBdfaYzHQCgrlMN
m5/VpkqzBgS6D+P5/Q8esYg=
=GusY
-----END PGP SIGNATURE-----